Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1.exe

windows7-x64

7

1.exe

windows10-2004-x64

7

2.exe

windows7-x64

7

2.exe

windows10-2004-x64

7

Setup.exe

windows7-x64

7

Setup.exe

windows10-2004-x64

7

_中文版...64.exe

windows7-x64

7

_中文版...64.exe

windows10-2004-x64

7

potato_latestx64.exe

windows7-x64

7

potato_latestx64.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/10/2024, 11:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup.exe

  • Size

    104.3MB

  • MD5

    7fa83fe4857eaaf6fc6db9297c844038

  • SHA1

    2a327cb8fbfd1273c18947817899dd98affe0051

  • SHA256

    933ade515e0f2d50619c89a7db18a898e6029448437ce72d6306fe67e269b507

  • SHA512

    b61ecf63897e0fb48d1a732cd4bb5537d3e6f6ada31a6011c12ffe1516cadc68a4e1cf1f806c735d127282ca2528b9b373976ddb0baefacdfcad4163f00f6db0

  • SSDEEP

    1572864:0X+S+V9LyN0C1qh6maqmmRoF+dnQ6dkkGFinQ6dkkGFinQYPcAtjTDhlHYxZGf8A:0X+p3uN0CaFlQ9FiQ9FiQYEAlHQZGf8A

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:4992

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsmA45F.tmp\InstallOptions.dll
    Filesize

    15KB

    MD5

    d1eefb07abc2577dfb92eb2e95a975e4

    SHA1

    0584c2b1807bc3bd10d4b60d2d23eeb0e6832ca2

    SHA256

    89dd7d646278d8bfc41d5446bdc348b9a9afaa832abf02c1396272bb7ac7262a

    SHA512

    eaffd9940b1df59e95e2adb79b3b6415fff5bf196ebea5fe625a6c52e552a00b44d985a36a8dd9eb33eba2425ffea4244ed07a75d87284ff51ec9f9a5e1ac65e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsmA45F.tmp\ioSpecial.ini
    Filesize

    1024B

    MD5

    e7199a39f0f82196968ff2377c72038d

    SHA1

    1de8a8dc7598ffc43db4e773a592892b01a374ba

    SHA256

    af4422c8c6979dbc7228a658ff3763a5920706f251aa396e4133879660dab0e3

    SHA512

    56a6699488079acc12900b8a529ac2b9c3cc67901aef2bf3d954438aead44826ec02f4010fb62eb325299479cde094c0453698241a57328452473a3390fa001a

    Download Submit